@supabase/auth-js 3.0.0-next.4 → 3.0.0-next.6

package/dist/main/GoTrueClient.js

@@ -27,6 +27,7 @@ const DEFAULT_OPTIONS = {
     throwOnError: false,
     lockAcquireTimeout: 5000, // 5 seconds
     skipAutoInitialize: false,
+    experimental: {},
 };
 async function lockNoOp(name, acquireTimeout, fn) {
     return await fn();
@@ -81,7 +82,7 @@ class GoTrueClient {
      * ```
      */
     constructor(options) {
-        var _a, _b, _c;
+        var _a, _b, _c, _d;
         /**
          * @experimental
          */
@@ -126,10 +127,12 @@ class GoTrueClient {
         }
         this.persistSession = settings.persistSession;
         this.autoRefreshToken = settings.autoRefreshToken;
+        this.experimental = (_b = settings.experimental) !== null && _b !== void 0 ? _b : {};
         this.admin = new GoTrueAdminApi_1.default({
             url: settings.url,
             headers: settings.headers,
             fetch: settings.fetch,
+            experimental: this.experimental,
         });
         this.url = settings.url;
         this.headers = settings.headers;
@@ -143,7 +146,7 @@ class GoTrueClient {
         if (settings.lock) {
             this.lock = settings.lock;
         }
-        else if (this.persistSession && (0, helpers_1.isBrowser)() && ((_b = globalThis === null || globalThis === void 0 ? void 0 : globalThis.navigator) === null || _b === void 0 ? void 0 : _b.locks)) {
+        else if (this.persistSession && (0, helpers_1.isBrowser)() && ((_c = globalThis === null || globalThis === void 0 ? void 0 : globalThis.navigator) === null || _c === void 0 ? void 0 : _c.locks)) {
             this.lock = locks_1.navigatorLock;
         }
         else {
@@ -170,6 +173,15 @@ class GoTrueClient {
             listGrants: this._listOAuthGrants.bind(this),
             revokeGrant: this._revokeOAuthGrant.bind(this),
         };
+        this.passkey = {
+            startRegistration: this._startPasskeyRegistration.bind(this),
+            verifyRegistration: this._verifyPasskeyRegistration.bind(this),
+            startAuthentication: this._startPasskeyAuthentication.bind(this),
+            verifyAuthentication: this._verifyPasskeyAuthentication.bind(this),
+            list: this._listPasskeys.bind(this),
+            update: this._updatePasskey.bind(this),
+            delete: this._deletePasskey.bind(this),
+        };
         if (this.persistSession) {
             if (settings.storage) {
                 this.storage = settings.storage;
@@ -198,7 +210,7 @@ class GoTrueClient {
             catch (e) {
                 console.error('Failed to create a new BroadcastChannel, multi-tab state changes will not be available', e);
             }
-            (_c = this.broadcastChannel) === null || _c === void 0 ? void 0 : _c.addEventListener('message', async (event) => {
+            (_d = this.broadcastChannel) === null || _d === void 0 ? void 0 : _d.addEventListener('message', async (event) => {
                 this._debug('received broadcast notification from other tab or client', event);
                 try {
                     await this._notifyAllSubscribers(event.data.event, event.data.session, false); // broadcast = false so we don't get an endless loop of messages
@@ -4859,6 +4871,331 @@ class GoTrueClient {
             throw error;
         }
     }
+    // --- Passkey Methods ---
+    /**
+     * Sign in with a passkey. Handles the full WebAuthn ceremony:
+     * 1. Fetches authentication challenge from server
+     * 2. Prompts user via navigator.credentials.get()
+     * 3. Verifies credential with server and creates session
+     *
+     * Requires `auth.experimental.passkey: true`.
+     */
+    async signInWithPasskey(credentials) {
+        var _a, _b, _c;
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            if (!(0, webauthn_1.browserSupportsWebAuthn)()) {
+                return this._returnResult({
+                    data: null,
+                    error: new errors_1.AuthUnknownError('Browser does not support WebAuthn', null),
+                });
+            }
+            // 1. Get challenge options from server
+            const { data: options, error: optionsError } = await this._startPasskeyAuthentication({
+                options: { captchaToken: (_a = credentials === null || credentials === void 0 ? void 0 : credentials.options) === null || _a === void 0 ? void 0 : _a.captchaToken },
+            });
+            if (optionsError || !options) {
+                return this._returnResult({ data: null, error: optionsError });
+            }
+            // 2. Deserialize and prompt user via browser WebAuthn API
+            const publicKeyOptions = (0, webauthn_1.deserializeCredentialRequestOptions)(options.options);
+            const signal = (_c = (_b = credentials === null || credentials === void 0 ? void 0 : credentials.options) === null || _b === void 0 ? void 0 : _b.signal) !== null && _c !== void 0 ? _c : webauthn_1.webAuthnAbortService.createNewAbortSignal();
+            const { data: credential, error: credentialError } = await (0, webauthn_1.getCredential)({
+                publicKey: publicKeyOptions,
+                signal,
+            });
+            if (credentialError || !credential) {
+                return this._returnResult({
+                    data: null,
+                    error: credentialError !== null && credentialError !== void 0 ? credentialError : new errors_1.AuthUnknownError('WebAuthn ceremony failed', null),
+                });
+            }
+            // 3. Serialize and verify with server
+            const serialized = (0, webauthn_1.serializeCredentialRequestResponse)(credential);
+            return this._verifyPasskeyAuthentication({
+                challengeId: options.challenge_id,
+                credential: serialized,
+            });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Register a passkey for the current authenticated user. Handles the full WebAuthn ceremony:
+     * 1. Fetches registration challenge from server
+     * 2. Prompts user via navigator.credentials.create()
+     * 3. Verifies credential with server
+     *
+     * Requires an active session. Requires `auth.experimental.passkey: true`.
+     */
+    async registerPasskey(credentials) {
+        var _a, _b;
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            if (!(0, webauthn_1.browserSupportsWebAuthn)()) {
+                return this._returnResult({
+                    data: null,
+                    error: new errors_1.AuthUnknownError('Browser does not support WebAuthn', null),
+                });
+            }
+            // 1. Get challenge options from server
+            const { data: options, error: optionsError } = await this._startPasskeyRegistration();
+            if (optionsError || !options) {
+                return this._returnResult({ data: null, error: optionsError });
+            }
+            // 2. Deserialize and prompt user via browser WebAuthn API
+            const publicKeyOptions = (0, webauthn_1.deserializeCredentialCreationOptions)(options.options);
+            const signal = (_b = (_a = credentials === null || credentials === void 0 ? void 0 : credentials.options) === null || _a === void 0 ? void 0 : _a.signal) !== null && _b !== void 0 ? _b : webauthn_1.webAuthnAbortService.createNewAbortSignal();
+            const { data: credential, error: credentialError } = await (0, webauthn_1.createCredential)({
+                publicKey: publicKeyOptions,
+                signal,
+            });
+            if (credentialError || !credential) {
+                return this._returnResult({
+                    data: null,
+                    error: credentialError !== null && credentialError !== void 0 ? credentialError : new errors_1.AuthUnknownError('WebAuthn ceremony failed', null),
+                });
+            }
+            // 3. Serialize and verify with server
+            const serialized = (0, webauthn_1.serializeCredentialCreationResponse)(credential);
+            return this._verifyPasskeyRegistration({
+                challengeId: options.challenge_id,
+                credential: serialized,
+            });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Start passkey registration for the current authenticated user.
+     * Returns WebAuthn credential creation options to pass to navigator.credentials.create().
+     */
+    async _startPasskeyRegistration() {
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            return await this._useSession(async (result) => {
+                const { data: { session }, error: sessionError, } = result;
+                if (sessionError) {
+                    return this._returnResult({ data: null, error: sessionError });
+                }
+                if (!session) {
+                    return this._returnResult({ data: null, error: new errors_1.AuthSessionMissingError() });
+                }
+                const { data, error } = await (0, fetch_1._request)(this.fetch, 'POST', `${this.url}/passkeys/registration/options`, {
+                    headers: this.headers,
+                    jwt: session.access_token,
+                    body: {},
+                });
+                if (error) {
+                    return this._returnResult({ data: null, error });
+                }
+                return this._returnResult({ data, error: null });
+            });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Verify passkey registration with the credential response.
+     * The credentialResponse should be the serialized output of navigator.credentials.create().
+     */
+    async _verifyPasskeyRegistration(params) {
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            return await this._useSession(async (result) => {
+                const { data: { session }, error: sessionError, } = result;
+                if (sessionError) {
+                    return this._returnResult({ data: null, error: sessionError });
+                }
+                if (!session) {
+                    return this._returnResult({ data: null, error: new errors_1.AuthSessionMissingError() });
+                }
+                const { data, error } = await (0, fetch_1._request)(this.fetch, 'POST', `${this.url}/passkeys/registration/verify`, {
+                    headers: this.headers,
+                    jwt: session.access_token,
+                    body: {
+                        challenge_id: params.challengeId,
+                        credential: params.credential,
+                    },
+                });
+                if (error) {
+                    return this._returnResult({ data: null, error });
+                }
+                return this._returnResult({ data, error: null });
+            });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Start passkey authentication.
+     * Returns WebAuthn credential request options to pass to navigator.credentials.get().
+     */
+    async _startPasskeyAuthentication(params) {
+        var _a;
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            const { data, error } = await (0, fetch_1._request)(this.fetch, 'POST', `${this.url}/passkeys/authentication/options`, {
+                headers: this.headers,
+                body: {
+                    gotrue_meta_security: { captcha_token: (_a = params === null || params === void 0 ? void 0 : params.options) === null || _a === void 0 ? void 0 : _a.captchaToken },
+                },
+            });
+            if (error) {
+                return this._returnResult({ data: null, error });
+            }
+            return this._returnResult({ data, error: null });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Verify passkey authentication and create a session.
+     * The credential should be the serialized output of navigator.credentials.get().
+     */
+    async _verifyPasskeyAuthentication(params) {
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            const { data, error } = await (0, fetch_1._request)(this.fetch, 'POST', `${this.url}/passkeys/authentication/verify`, {
+                headers: this.headers,
+                body: {
+                    challenge_id: params.challengeId,
+                    credential: params.credential,
+                },
+                xform: fetch_1._sessionResponse,
+            });
+            if (error) {
+                return this._returnResult({ data: null, error });
+            }
+            if (data.session) {
+                await this._saveSession(data.session);
+                await this._notifyAllSubscribers('SIGNED_IN', data.session);
+            }
+            return this._returnResult({ data, error: null });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * List all passkeys for the current user.
+     */
+    async _listPasskeys() {
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            return await this._useSession(async (result) => {
+                const { data: { session }, error: sessionError, } = result;
+                if (sessionError) {
+                    return this._returnResult({ data: null, error: sessionError });
+                }
+                if (!session) {
+                    return this._returnResult({ data: null, error: new errors_1.AuthSessionMissingError() });
+                }
+                const { data, error } = await (0, fetch_1._request)(this.fetch, 'GET', `${this.url}/passkeys`, {
+                    headers: this.headers,
+                    jwt: session.access_token,
+                    xform: (data) => ({ data, error: null }),
+                });
+                if (error) {
+                    return this._returnResult({ data: null, error });
+                }
+                return this._returnResult({ data, error: null });
+            });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Update a passkey.
+     */
+    async _updatePasskey(params) {
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            return await this._useSession(async (result) => {
+                const { data: { session }, error: sessionError, } = result;
+                if (sessionError) {
+                    return this._returnResult({ data: null, error: sessionError });
+                }
+                if (!session) {
+                    return this._returnResult({ data: null, error: new errors_1.AuthSessionMissingError() });
+                }
+                const { data, error } = await (0, fetch_1._request)(this.fetch, 'PATCH', `${this.url}/passkeys/${params.passkeyId}`, {
+                    headers: this.headers,
+                    jwt: session.access_token,
+                    body: { friendly_name: params.friendlyName },
+                });
+                if (error) {
+                    return this._returnResult({ data: null, error });
+                }
+                return this._returnResult({ data, error: null });
+            });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
+    /**
+     * Delete a passkey.
+     */
+    async _deletePasskey(params) {
+        (0, helpers_1.assertPasskeyExperimentalEnabled)(this.experimental);
+        try {
+            return await this._useSession(async (result) => {
+                const { data: { session }, error: sessionError, } = result;
+                if (sessionError) {
+                    return this._returnResult({ data: null, error: sessionError });
+                }
+                if (!session) {
+                    return this._returnResult({ data: null, error: new errors_1.AuthSessionMissingError() });
+                }
+                const { error } = await (0, fetch_1._request)(this.fetch, 'DELETE', `${this.url}/passkeys/${params.passkeyId}`, {
+                    headers: this.headers,
+                    jwt: session.access_token,
+                    noResolveJson: true,
+                });
+                if (error) {
+                    return this._returnResult({ data: null, error });
+                }
+                return this._returnResult({ data: null, error: null });
+            });
+        }
+        catch (error) {
+            if ((0, errors_1.isAuthError)(error)) {
+                return this._returnResult({ data: null, error });
+            }
+            throw error;
+        }
+    }
 }
 GoTrueClient.nextInstanceID = {};
 exports.default = GoTrueClient;